McAfee Data Loss Prevention 9.2.1 Скачать руководство пользователя страница 43

Страница: 43 / 78

Task

Log on as root to the McAfee DLP appliance.

Stop the NTP daemon.

# service ntpd stop

# chkconfig

‑‑

level 2345 ntpd off

Restart the NTP daemon.

# service ntpd start

# chkconfig

‑‑

level 2345 ntpd on

The service command will control the service while the system is running; the

chkconfig

commands will control what happens at boot time.

Testing the system

If your system doesn't appear to be generating incidents after it is installed, you can take steps to
ensure that it is configured correctly.

Table 4-1 Configuration checklist

Checks

Explanation

Action

Are appliance

connections

complete?

Status icons display health of each

managed appliance.

On the

System

page, check to see if the

Status

icon is green. If status is

Registering

Unknown

, wait until the process is

complete (you might want to refresh the

page).

Critical

systems must be

reinstalled.

Are policies

activated?

If policies are not activated during

the setup phase, their rules cannot

be matched to network data.

On the

Policies

page, check the

State

column. If policies are inactive, select

policy boxes, then select

Activate

from the

Actions

menu.

Is the timestamp

filter set?

The default is

Previous 24 hours

to keep

the system from producing

unmanageable numbers of results.

On the

Incidents

page, set

Filter by

to a

longer time period. If the system was

recently installed, it will need some lead

time for data capture and analysis.

Are capture filters

set?

The system might have been set up

to block traffic that is needed to meet

your protection strategy. For

example, the RFC 1918 filter blocks

internal IP addresses.

On the

System

Capture Filters

page,

remove filters that might be blocking

traffic.

Are common

keywords

producing results?

If data is being captured, you will be

able to find keywords that are

commonly found in your network

traffic — for example, your company

name.

On the

Basic Search

page, type in a

common keyword that can be found in

captured data.

Does changing the

dashboard view

display different

results?

Data

‑

Motion

Data

‑

Rest

, and

Data

‑

Use

dashboards display results in network

traffic, repositories and endpoints.

On the

System

page, check to see if the

corresponding products are installed.

Are existing filters

blocking significant

results?

When filters are set, only the

configured results are visible on the

dashboard.

On the

Incidents

page, click

Clear All

in the

Filter by

frame.

Configuring McAfee DLP appliances and adding servers

Testing the system

McAfee Data Loss Prevention 9.2.1

Installation Guide

Содержание Data Loss Prevention 9.2.1

Страница 1: ...Installation Guide Revision C McAfee Data Loss Prevention 9 2 1 For use with ePolicy Orchestrator 4 5 0 and 4 6 0 Software...

Страница 2: ...laimed as the property of others LICENSE INFORMATION License Agreement NOTICE TO ALL USERS CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED WHICH SETS FORTH TH...

Страница 3: ...n installation to another McAfee DLP product 20 Restoring the drives 21 3 Installing or upgrading software on 1650 and 3650 appliances 23 Download the 1650 or 3650 archive 23 Install a fresh image on...

Страница 4: ...5 Uninstall McAfee DLP Endpoint 66 6 Integrating McAfee DLP Endpoint into a unified policy system 67 Setting up Unified DLP on ePolicy Orchestrator 68 Install the network extension 68 Install the UDLP...

Страница 5: ...his guide and how the guide is organized Audience McAfee documentation is carefully researched and written for the target audience The information in this guide is intended primarily for Administrator...

Страница 6: ...ased information about the product is entered into the McAfee online KnowledgeBase Task 1 Go to the McAfee Technical Support ServicePortal at http mysupport mcafee com 2 Under Self Service access the...

Страница 7: ...your protection strategy After you complete setup of all of the appliances go to the System tab on McAfee DLP Manager to add the products to be managed and the servers needed to complete the system F...

Страница 8: ...server Primary DNS server 2 Devise a protection strategy by evaluating the type of information you need to protect Your objectives will determine which policies you activate 3 Determine who will be t...

Страница 9: ...ernet port 3 Capture port 1 Figure 1 2 Model 3650 appliance port configuration 1 Ethernet port 0 2 Ethernet port 1 Management port 3 Ethernet port 2 Capture port 0 4 Ethernet port 3 Capture port 1 Fig...

Страница 10: ...be completed only on the McAfee DLP Manager appliance 8 Click Submit then Exit Wizard When this step is complete the appliance will have a new IP address and will be integrated into the network Resta...

Страница 11: ...Monitor McAfee DLP Monitor must be physically integrated into the network so it can capture traffic There are two integration modes use of a mirror SPAN port on a LAN switch or placement of a network...

Страница 12: ...rt configuration 3 Using interface show commands on the switch verify that traffic is being received on the switch port to which McAfee DLP Monitor is connected 4 Save the configuration on the switch...

Страница 13: ...res physical disconnection and reconnection of network cables so it disrupts traffic A service window is required With this configuration full traffic capture is done even under heavy load conditions...

Страница 14: ...switch Complete the setup Add the NTP server to sync McAfee DLP Manager to the network Task 1 Open a web browser and enter the assigned IP address in the address bar to restart McAfee DLP Manager 2 Cl...

Страница 15: ...d the 4400 archive To prepare for installation on the 4400 download the software from the Service Portal Before you begin Locate the grant number you received after purchasing the product McAfee DLP M...

Страница 16: ...the operating system of the appliance During the upgrade process the configuration data in the data directory and the kernel boot loader information in the boot directory are copied over to the new i...

Страница 17: ...rs stating which image will boot next 4 Restart the system Install a fresh image on 4400 appliances To install a fresh image install on both primary and secondary disks Before you begin Download the p...

Страница 18: ...ensures that the original image can still be accessed after the upgrade is complete The system automatically boots from the latest image Before you begin Download the product archive and copy it to th...

Страница 19: ...C data install 7 Go to the data install directory cd data install 8 Run the installation script Before you type the command run pwd to establish that you are in the correct product directory You must...

Страница 20: ...yyy_zz tar gz C data hotfix 5 Go to the data hotfix directory cd data hotfix xxxxxx 6 Optional Open the README file to see the hotfix details 7 Run the installation script install_hotfix 8 Restart the...

Страница 21: ...message appears stating which image will boot next 4 Restart the system Restoring the drives To restore the drives on the 4400 appliance insert the DVD that was shipped with it The process that runs...

Страница 22: ...2 Installing or upgrading the software on 4400 appliances Restoring the drives 22 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 23: ...appliances Apply a hotfix Download the 1650 or 3650 archive To prepare for installation on the Model 1650 or 3650 download the software from the Service Portal Before you begin Locate the grant number...

Страница 24: ...og on to the McAfee DLP device as root 2 Copy the archive to the appliance If you downloaded the archive to a Windows based computer use WinSCP If you are copying the archive from a Linux server use t...

Страница 25: ...3650 appliances To upgrade a product on 1650 or 3650 appliances you must install 9 2 0 before upgrading to 9 2 1 Before you begin Download the product archive and copy it to the appliance Stop all sca...

Страница 26: ...d data install 11 Run the application installation script install_stingray U P platform type The script completes then instructs you to reboot 12 Restart the system reboot 13 Install Hotfix 793756_460...

Страница 27: ...tar xvzf hotfix_xxxxxx_yyyy_zz tar gz C data hotfix 5 Go to the data hotfix directory cd data hotfix xxxxxx 6 Optional Open the README file to see the hotfix details 7 Run the installation script inst...

Страница 28: ...3 Installing or upgrading software on 1650 and 3650 appliances Apply a hotfix 28 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 29: ...lt the McAfee Total Protection for Data Loss Prevention 9 2 0 Product Guide for more information Contents Configure McAfee DLP appliances using Setup Wizard Configure McAfee DLP appliances after insta...

Страница 30: ...onfiguration page assign the hostname domain and IP addresses of the gateway and DNS servers then click Next Figure 4 1 Network configuration You must enter a fully qualified domain name into the Host...

Страница 31: ...er and click Next Figure 4 2 Time configuration You might want to set the NTP server manually in some cases Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using S...

Страница 32: ...f you have to change this configuration later you can activate or deactivate policies from the Policies page For example you might want to use international policies that are available on that page 4...

Страница 33: ...for the primary administrator and set a password then click Next Figure 4 4 Administrator setup Configuring McAfee DLP appliances and adding servers Configure McAfee DLP appliances using Setup Wizard...

Страница 34: ...on the System page Figure 4 5 Review Figure 4 6 Email server setting 8 If you are setting up McAfee DLP Prevent type in the IP address of a smart host then click Next 4 Configuring McAfee DLP applianc...

Страница 35: ...g McAfee DLP Manager to open an SSH tunnel between the devices Before you begin If you are going to install the network product suite on ePolicy Orchestrator you must add the netdlp zip extension befo...

Страница 36: ...nly as a collection point for the data Other machines are capturing and indexing data and the processor indicates the CPU utilization It should not go over 70 80 If registration seems to be taking a l...

Страница 37: ...mail headers of messages entering the MTA 3 Must be capable of taking actions based on specified match expressions for email headers The specific header strings received from McAfee DLP Prevent are th...

Страница 38: ...proxy server because it is already part of the network If you are setting up McAfee DLP Prevent to process email type the Smart Host IP address to which the processed email will be routed Host names a...

Страница 39: ...type For example if you add Active Directory servers you cannot add OpenLDAP servers Task 1 Open the Directory Services page in one of two ways In ePolicy Orchestrator select Menu Data Loss Preventio...

Страница 40: ...aded certificate Unlike the LDAP server domain name you can use any valid account that has permission to read from the LDAP server an administrative account is not necessary If you have already entere...

Страница 41: ...reconnex net Enter the name into the Authorization Server field 12 Select a Scope to set the directory depth to be accessed on the server 13 Click Apply Add McAfee Logon Collector to McAfee DLP Manage...

Страница 42: ...tor 17 Open a Remote Desktop session on the McAfee Logon Collector server and restart it When the server comes up the SSL connection between the servers is complete Add syslog servers to McAfee DLP sy...

Страница 43: ...Previous 24 hours to keep the system from producing unmanageable numbers of results On the Incidents page set Filter by to a longer time period If the system was recently installed it will need some l...

Страница 44: ...4 Configuring McAfee DLP appliances and adding servers Testing the system 44 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 45: ...erver Install McAfee ePolicy Orchestrator Installing McAfee DLP WCF service Repository folders User and permission sets Install the McAfee Data Loss Prevention Endpoint extension Initialize the McAfee...

Страница 46: ...Microsoft operating system software is supported Table 5 2 Operating systems supported Computer type Software Servers Windows Server 2003 Standard SE SP1 or later 32 or 64 bit Windows Server 2003 Ente...

Страница 47: ...of Microsoft SQL Server you are using The McAfee DLP Endpoint software version 9 2 200 x package includes the following McAfee Data Loss Prevention Endpoint McAfee Agent plug in McAfee DLP Endpoint e...

Страница 48: ...ms this folder might be locked down In that case you must temporarily change the permissions for this folder Otherwise the installation fails We recommend completing all software installations before...

Страница 49: ...Communication Foundation WCF service on the same server as the McAfee ePO SQL database local installation or on a separate server remote installation Where McAfee ePolicy Orchestrator is installed tog...

Страница 50: ...r in Microsoft SQL Server on page 50 To use either Windows or SQL authentication with the McAfee DLP WCF service or the ePolicy Orchestrator database an authorized user must be defined in the Microsof...

Страница 51: ...tor rights on the servers involved This is a required task The default authorized user does not work with the McAfee DLP WCF service Task 1 Start SQL Server Management Studio Express and connect to th...

Страница 52: ...gon name Set the default database to ePO4_SERVER Enforcing a password policy is optional 6 On the User Mapping page of the Login Properties window in the Users mapped to this login section select ePO4...

Страница 53: ...tor Before you begin Before installing the McAfee DLP WCF service create a user in Microsoft SQL Server You must do this even if you are going to use Windows authentication When installing or upgradin...

Страница 54: ...Sensitive Data in RSS Feed 3 In step 5 of the installation wizard Microsoft SQL Database do the following Review the defaults for Database Server and Database Name Type other values if necessary Sele...

Страница 55: ...not include sensitive content Creating and configuring repository folders McAfee Data Loss Prevention Endpoint software requires certain repository folders on the server These folders must be created...

Страница 56: ...fy that the Apply onto option says This folder subfolders and files then click OK The Advanced Security Settings dialog box now includes Domain Computers 10 Click OK twice to close the dialog box Conf...

Страница 57: ...McAfee DLP Manager and McAfee DLP Monitor These roles can include creating and saving policies viewing but not changing policies generating override uninstall and quarantine release keys viewing the M...

Страница 58: ...in the permission set form and you can attach them to the set If you create permission sets first the permission set names appear in the user form and you can attach the user to them 4 Click Save 5 In...

Страница 59: ...ention Endpoint software you must upgrade the license after you complete the installation Task For option definitions click in the interface 1 In ePolicy Orchestrator select Menu Software Extensions t...

Страница 60: ...o step 4 3 If no previous policy exists the message DLP global policy is unavailable Loading default policy appears Click OK to continue 4 When the message Agent configuration is unavailable Loading a...

Страница 61: ...8 characters with at least one each uppercase lower case digit and special character symbol If you are upgrading this is not implemented until you change a password If you don t want endpoint key gen...

Страница 62: ...y console menu bar select Help Update License The View and Update License window displays the current default activation key and expiration date 2 Click Update 3 Type or paste the activation key Activ...

Страница 63: ...Endpoint The final stage of McAfee DLP Endpoint software installation is to define a policy deploy McAfee DLP Endpoint agents to the managed computers and verify the installation Tasks Define a defaul...

Страница 64: ...lick through to step 2 of the rule creation wizard and add the Email Category created when creating the classification rule in the Included column e Click through to step 7 of the rule creation wizard...

Страница 65: ...CE_USER user_name SERVICE_PASSWORD password The service user should be defined as the Citrix Administrator in Citrix Access Management Console Presentation Server Server Name Administrators and must b...

Страница 66: ...t Uninstall Key window This information is not required when creating a master release code 3 Type the uninstall challenge code Step 2 This is the code the user obtains by clicking the McAfee Agent ic...

Страница 67: ...products to unify the system under the network product suite The McAfee Agent DLP client routes policy updates to the clients and collects events from them If evidence collecting is enabled in the pol...

Страница 68: ...to Menu Software Extensions 3 Click Install Extension 4 Browse to the netdlp zip file and click OK 5 Click OK Install the UDLP host extension You must install UDLP extension version 9 2 107 on ePolic...

Страница 69: ...ers and groups to enable manual tagging of files on agent machines For example type in Everyone to give Manual Tagging Authorization to all users This sets up the agent to support manual tagging throu...

Страница 70: ...Configuration Registered Servers Actions Edit Next Database instance ePO database instance Menu Configuration Registered Servers Actions Edit Next SQL Server instance instance name ePO GUI IP address...

Страница 71: ...he Registered Server Builder page appears 4 In the Description field type in the name of the McAfee DLP Manager 5 In the Database Password field type in the epouser database password from the McAfee D...

Страница 72: ...r loses connection to the database you cannot use https servername port core config to reconnect to the database Refer to KB66320 in the McAfee Knowledgebase for more information Configuring McAfee DL...

Страница 73: ...nterval 4 Click Submit Maintaining compatibility with installed McAfee clients Because McAfee DLP Manager supports multiple versions of McAfee DLP Endpoint client the system must be configured to hand...

Страница 74: ...Password page in one of two ways In ePolicy Orchestrator select Menu Data Loss Prevention DLP Sys Config Endpoint Configuration Miscellaneous and click Agent Override Password 2 Enter a password in t...

Страница 75: ...ndpoint McAfee recommends that you start by setting up protection rules and viewing the events reported on the ePolicy Orchestrator Data in Use dashboard Consult the Product Guide for McAfee Total Pro...

Страница 76: ...6 Integrating McAfee DLP Endpoint into a unified policy system Installation and configuration complete 76 McAfee Data Loss Prevention 9 2 1 Installation Guide...

Страница 77: ...ng on Windows Server 2008 56 H hardware requirements 46 L license Device Control and DLP 62 M McAfee ServicePortal accessing 6 Microsoft SQL adding a user 50 Microsoft SQL installing 53 P permission s...

Страница 78: ...TP000030C00...

Результаты поиска

Содержание Data Loss Prevention 9.2.1

Отзывы:

Похожие инструкции для Data Loss Prevention 9.2.1

Бренды по названию

Популярные бренды

McAfee Data Loss Prevention 9.2.1, Руководство по установке

Результаты поиска

Содержание Data Loss Prevention 9.2.1

Отзывы:

Похожие инструкции для Data Loss Prevention 9.2.1

Бренды по названию

Популярные бренды